这一段时间做毕业设计,要生成数字证书,于是学习了相关知识,这儿和大家分享一下。
首先介绍一下数字证书的分类。数字证书分为两种:公钥数字证书(cer)和私钥数字证书(pfx)。顾名思义,cer 是只含有公钥的数字证书,pfx 则还含有私钥。
1.生成公钥数字证书
需要导入bouncycastle-jce-jdk13-112.jar
package ca;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
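/**
 * Demo that issues an X.509 public-key certificate (.cer) with the legacy Bouncy Castle
 * {@code X509V3CertificateGenerator} API.
 *
 * <p>The published listing lost its numeric literals (key size, array indices, seed
 * arguments). The indices below are restored from the documented layout of {@code info};
 * the key size is a reviewer-chosen value, not the author's original.
 */
public class MyCert {

    /** RSA modulus size in bits. The original literal was lost; 2048 is chosen here. */
    private static final int RSA_KEY_BITS = 2048;

    /** Number of entries expected in the {@code info} array passed to generateCert. */
    private static final int INFO_LENGTH = 9;

    /** Characters that would change the structure of a DN string built by concatenation. */
    private static final String DN_SPECIAL_CHARS = ",=+<>#;\"\\";

    static {
        // Register Bouncy Castle so the "BC" provider name used for signing resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates a fresh RSA key pair.
     *
     * <p>The original code seeded the generator with {@code new SecureRandom(new byte[seed])},
     * i.e. an all-zero array of {@code seed} bytes. On providers where an explicit seed
     * replaces self-seeding (e.g. SHA1PRNG) this makes the private key reproducible by anyone
     * who knows the seed length. The generator is therefore seeded by the platform instead.
     *
     * @param seed kept for source compatibility; no longer influences the key material
     * @return a newly generated RSA key pair
     * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
     */
    public KeyPair generateKeyPair(int seed) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    /**
     * Issues an X.509 certificate for the user's public key, signed with the root private key.
     *
     * <p>{@code info} must hold exactly nine entries, in this order:
     * {@code {cn, ou, o, c, l, st, starttime, endtime, serialnumber}}. The two times are
     * parsed as milliseconds since the epoch and the serial number as a decimal integer.
     *
     * @param info certificate fields as described above
     * @param keyPair_root issuer key pair; only its private key is used, for signing
     * @param keyPair_user subject key pair; only its public key is placed in the certificate
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code info} has the wrong length or a name field
     *     is empty or contains a DN special character
     * @throws InvalidKeyException propagated from the certificate generator
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws SecurityException propagated from the certificate generator
     * @throws SignatureException propagated from the certificate generator
     */
    public X509Certificate generateCert(String[] info, KeyPair keyPair_root,KeyPair keyPair_user) throws InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException {
        if (info == null || info.length != INFO_LENGTH) {
            throw new IllegalArgumentException(
                    "info must contain exactly " + INFO_LENGTH + " entries");
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        // NOTE(review): a real CA needs unique, hard-to-guess serial numbers; this demo takes
        // whatever the caller supplies.
        certGen.setSerialNumber(new BigInteger(info[8]));
        certGen.setIssuerDN(new X509Name(
                "CN=huahua, OU=hnu, O=university , C=china"));
        certGen.setNotBefore(new Date(Long.parseLong(info[6])));
        certGen.setNotAfter(new Date(Long.parseLong(info[7])));

        // The first attribute was written "C=" in the original, which duplicated the country
        // attribute and left the certificate without a common name. Every value is checked
        // before concatenation so it cannot add or alter attributes of the subject DN.
        String subject = "CN=" + rdnValue(info[0])
                + ",OU=" + rdnValue(info[1])
                + ",O=" + rdnValue(info[2])
                + ",C=" + rdnValue(info[3])
                + ",L=" + rdnValue(info[4])
                + ",ST=" + rdnValue(info[5]);
        certGen.setSubjectDN(new X509Name(subject));

        certGen.setPublicKey(keyPair_user.getPublic());
        // NOTE(review): SHA-1 signatures are no longer accepted by current verifiers. The
        // algorithm is left unchanged because the Bouncy Castle build this page targets is
        // very old; on a current release use a SHA-256 based algorithm ("SHA256WithRSA").
        certGen.setSignatureAlgorithm("SHA1WithRSA");
        return certGen.generateX509Certificate(keyPair_root.getPrivate(), "BC");
    }

    /**
     * Returns {@code value} unchanged after checking that it is safe to embed in a DN string.
     *
     * @throws IllegalArgumentException if the value is null, empty, or contains a character
     *     from {@link #DN_SPECIAL_CHARS}
     */
    private static String rdnValue(String value) {
        if (value == null || value.length() == 0) {
            throw new IllegalArgumentException("DN attribute value must not be empty");
        }
        for (int i = 0; i < value.length(); i++) {
            if (DN_SPECIAL_CHARS.indexOf(value.charAt(i)) >= 0) {
                throw new IllegalArgumentException(
                        "DN attribute value contains a reserved character: " + value);
            }
        }
        return value;
    }

    /**
     * Generates a root and a user key pair, issues a certificate for the user and writes it,
     * DER-encoded, to {@code d:/<cn>.cer}.
     *
     * <p>The root key pair exists only for the lifetime of this run; its private key is not
     * stored anywhere.
     *
     * @param args unused
     * @throws NoSuchAlgorithmException if RSA key generation is unavailable
     * @throws InvalidKeyException propagated from certificate generation
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws SecurityException propagated from certificate generation
     * @throws SignatureException propagated from certificate generation
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the output file cannot be written
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SecurityException, SignatureException, CertificateEncodingException, IOException{
        MyCert myCert = new MyCert();
        // The original seed arguments were lost; the value is ignored by generateKeyPair.
        KeyPair keyPair_root = myCert.generateKeyPair(0);
        KeyPair keyPair_user = myCert.generateKeyPair(0);

        // starttime/endtime are epoch milliseconds, so this sample certificate is valid only
        // for a few hours on 1970-01-01 and is already expired when it is written.
        String[] info = {"huahua_user","hnu","university","china","hunan","changsha","111111","11111111","1"};
        X509Certificate cert = myCert.generateCert(info, keyPair_root, keyPair_user);

        String certPath = "d:/" + info[0] + ".cer";
        FileOutputStream fos = new FileOutputStream(certPath);
        try {
            fos.write(cert.getEncoded());
        } finally {
            // Close the file even when encoding or writing fails.
            fos.close();
        }
    }
}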
代码结果如下,有图有真相
写到这儿先休息一下,下一期再说私钥数字证书。88